How To Configure HSRP

Below are my notes for the CCNP Routing & Switching SWITCH 300-115 certification exam. I used two Cisco 3560 switches and GNS3 to perform my labs. For theory, I used Cisco Configuration Guides and the Cisco Press Official Certification Guide.

Hot Standby Router Protocol, HSRP, is a Cisco proprietary protocol to make multiple routers or switches appear as one gateway. The gateway is where the redundancy is provided. For each redundant gateway, there is a common HSRP group. One router/switch becomes the primary HSRP router and another is selected as the standby HSRP router. Any other devices part of the group are in the listen HSRP state.

R1 and R2 will be HSRP enabled.

At a 3 second interval, routers send HSRP hello messages to become aware if the other is up or down (between Active and Standby). The hold time value is 10 seconds or three times the hello timer. These hello messages are sent to the multicast address 224.0.0.2 using UDP port 1985.

There can be up to 255 HSRP groups and they are only locally significant.

Election of an active and standby HSRP router is based on a priority value of 0 through 255. By default, the priority is 100 but the highest priority value becomes the active router for the HSRP group. If there is a tie, the router with the highest IP address becomes the active router.

When HSRP is enabled, an interface goes through the following states:

Disabled

Init

Listen

Speak

Standby

Active

Configuration

I will use R1 and R2 as the two routers to provide a redundant gateway for 192.168.1.1.

Starting at R1, we will configure the HSRP group of 1 to use the gateway address, 192.168.1.1. As you can see, from the host we cannot ping that address at the moment.

On R1, in interface configuration mode under interface g2/0 we configure the HSRP IP address

R1(config-if)#standby 1 ip 192.168.1.1

Once this command is configured, the HSRP process is started. The router will begin an election process to become the active router for HSRP group 1.

If we wanted this particular router to always take over as an Active router we need to tell it to preempt. If this router was the Standby and the Active failed, the Standby router would take over as the Active. If this router was once the Active router and it came back online, it would preempt the current Active router. This would only occur if the priorities were set up correctly.

The preempt command with the reload delay 120 tells the router to delay it from preempting the Active router until 120 seconds has passed. This is helpful to allow the routing process to converge.

Below is a debug of the HSRP process. You can see the router begin by sending out Hello messages for the IP address 192.168.1.1. When no other router responds back, the router then moves into Standby and from Standby into Active.

Authentication can be configured on the HSRP group to prevent any unauthorized routers from becoming Active. While it is possible to configure a plaintext password, the example below uses MD5 authentication.

R1(config-if)#standby 1 authentication md5 key-string Cisco

Configure the same command on all routers participating in the same group.

Now let us verify connectivity from HostA to it’s gateway, 192.168.1.1.

Just a few dropped pings but not an extensive outage. I issued a shutdown on R1’s g2/0 interface and R2 picked up the Active HSRP failure very quickly.

Track Interfaces

What were to happen if R1 were to lose connectivity to its upstream gateway? By default, the HSRP group would still be up thus answering as the gateway for it’s hosts. This is not ideal. In this case, we want the router to concede if it lost connectivity upstream. We can lower the priority of the Active router to a value below the Standby’s. When the Standby sees it’s priority is now the highest and it has preempt enabled, it will become the Active router for the HSRP group.

We perform this with Interface Tracking. When tracking an interface, it will decrement the HSRP priority of the router by 10. This is the default decrement value. Within the HSRP group, we tell it which interface to track and if you wish to decrement a value different from the default, just add it to the end. In this example, I created a loopback interface on R1 for HSRP group 1 to track. If the loopback interface is unreachable or the status goes down, then I will decrement R1’s priority from 115 to 95 (20 decrement values):